Switching away from LastPass

Will

Finally switching away from LastPass after 12 years a customer...

Used to be a great product, and I even stuck it out through the last few major security issues, but unfortunately recent bugs have made the product virtually unusable for my setup.

I've switched to 1Password which I definitely prefer so far, although curious what folks here are using?
 
I use the very old SplashID V 4.16 from 2008. I originally bought it as V2.06 in 2002 as a password manager for my Palm Tungsten T PDA. It was great because you could "hotsync" it with a Windows "Desktop" version.

I eventually migrated away from PDA when I got my first cell phone but kept the Windows and still use it to this day. It is totally stand-alone which I prefer. It does not rely on network and definitely not the cloud.

I store passwords, but also all sorts of other things like credit card info, kids and grand kids social security numbers, bank accounts, combination lock numbers and more.

Several years ago they switched to cloud-based storage and a recurring fee subscription plan - which I refuse to do. I don't need any more recurring bills. This version syncs between multiple devices, including cell phone.

Since I don't live on my cell phone, I have not found the need to have my passwords on my phone.

Every time I upgrade to a new version of Windows, I cross my fingers and toes in the hopes my old version will run in the new Windows. So far it has, up to and including W11.

I have over 500 entries. While it lets me export the secure database in .csv format, I have not found a more modern password safe/manager that will import it properly. So I'll stick with this as it still serves my needs well.
 
I use the very old SplashID V 4.16 from 2008.

That's definitely legacy - I think my main concern would be how good the encryption from that era is, although if it's fully offline it's probably lower risk.
 
When I worked for Northrop Grumman IT supporting DoD and State Department secure networks, and I occasionally had to work remotely from home, that subject came up. But this version of SplashID uses Twofish encryption and the powers that be at the time determined that was plenty good and IMO, still is. And would be even if it was not stand-alone.

Besides, between Equifax and National Public Data essentially inviting the bad guys in to steal all our personal information, it is almost to the point where I'm not sure the point of having passwords any more anyway! :( There's also 23andMe giving away our DNA data. While I did not personally have an account there, I learned two of my cousins did (one on my mom's side and the other on my dad's) and they both were compromised. So I assume I am too.

That said, I still use strong, hard to guess passwords. In fact, most are unique too. SplashID has a nice password generator that will create passwords up to 20 characters long, with the option to use a-z, A-Z, 0-9, !@#$%^& and more special characters, and foreign/accented characters too like, áôâôîôíêûõúèêúìÿüðùá.

Of course, like all PW managers, you must use a strong, hard to guess master password to open the manager. And of course, never write it down or post it online. "Hank", my dog's name is good enough, right? ;)
 
I have been with 1Password for a few years now. I switched from LastPass because it just didn't work consistently across platforms, specifically the Android phones I've had (Google Pixels).
 
(...) although curious what folks here are using
I've been using KeePassXC for many years with multiple databases:
- DB for daily use including the Firefox extension.
- DB for more critical credentials which I use less frequently without browser connection.
I use the password manager only on my systems, not on my mobile phone although I do use it for 2FA.
 
Used KeePass for a long time, but moved to Bitwarden about 6 months ago and been very happy.
 
I really don't think it matters which password safe/manager one uses. The important thing is to just use one.

When I used to go on trouble calls a lot, the first thing I would do is sit down at the client's computer, and look around at everything within hand's length. This would be under the keyboard, in a desk drawer, in an index box or binder sitting on the desk or nearby shelf. And so often I would find a list or index cards with all their passwords written on them. They were embarrassed at how fast I found them. And when I explained that is exactly what I would do if I was a burglar stealing their computer, or their son's mischievous buddy, or a nosy visiting nephew looking for their wifi passphrase, they were even more embarrassed, and a bit scared, and glad I am not a bad guy.

The truth is, the vast majority of bad guys are lazy opportunists looking for the low-hanging fruit. Any resistance or obstacle in the way and they are going to move on to easier pickings.

So it really doesn't matter how strong the encryption algorithms are, as long as the password database is encrypted.

Someone would have to be targeting you specifically because they personally know you and know you have something they want. How likely is that with a home computer?

So IMO, the choice should simply boil down to the features you want, and the look and feel you are most comfortable with. Then just use it.
 
And so often I would find a list or index cards with all their passwords written on them.
When I was still an apprentice chef in a large kitchen in the early 1990s, I saw on all systems a floppy disk which was not fully loaded into the drive! When I first saw that, I pushed the floppy in and looked at it but no data? So I removed the floppy to look at it, and the main PW (without username) for that system was written on the label!

We had 4 systems in the office, so as proof of concept I swapped the floppy disks on all the systems! Unfortunately, they could not appreciate the joke, but they did then strengthen password security and each user got their own NT4.0 / Novell credentials to use the systems.
 
I use Bitwarden as well, not been using a password manager for more than a year, and Bitwarden is my first password manager but I like it so far.
 
You're all invited to my house to convince my wife to use a PW Mgr. She has scraps of paper, sometimes without username and when changing a PW, doesn't throw the old one away. When working on her computer, if I want to look at a protected website I have to go into the browser saved version (both FF & Opera).
 
I removed the floppy to look at, the main PW (without username) for that system was written on the label!
Yeah, I've even found passwords written on sticky notes stuck to the monitor. :(

if I want to look at a protected website I have to go into the browser saved version (both FF & Opera).
Exactly why I do not recommend, and try to discourage users from saving passwords in browsers.
 
I've been using KeePassXC for many years with multiple databases:
- DB for daily use including the Firefox extension.
- DB for more critical credentials which I use less frequently without browser connection.
I use the password manager only on my systems, not on my mobile phone although I do use it for 2FA.
I've considered KeePass in the past. What platforms have you used it on and how well does it work?
 
I really don't think it matters which password safe/manager one uses. The important thing is to just use one.

True to an extent, although there are other factors as well. I've switched away from LastPass due to experiencing bugs and poor service - customer experience is still part of it.

RE: the encryption point - LastPass suffered a huge breach in 2022 where the encrypted database was exposed. Whilst the encryption itself is believed to be safe, things like URLs were not encrypted, so anyone with access to the database could see certain parts of information.

Unfortunately we can't audit the code of all of the different providers, but I'm hoping enough of them have learnt the lesson from the breach and tightened up their security.
 
What platforms have you used it on and how well does it work?
It works great, but I have some issues only with a Dutch IPB forum which shows a TOTP warning! But that has to do with their configuration. So in such cases you'll need to enter your username manually before you can log in to the forum. Or they are still using an older IPB version, because I've seen this issue at BC as well some years ago.
 
True to an extent, although there are other factors as well. I've switched away from LastPass due to experiencing bugs and poor service - customer experience is still part of it.
I definitely agree when it comes to LastPass - but not for bugs. Poor service absolutely - that is if you are referring to the fact they keep getting hacked.
 
I switched from LastPass to NordPass recently. LastPass kept getting more expensive and having more security problems. I already use NordVPN so it was convenient to add to my existing subscription. Very similar to LP but cheaper and much higher rated for security/privacy. There were a few passwords that didn't export/import correctly but it wasn't too bad to fix.
 